Reconfigure the registry to proxy quay.io/tinkerbell-actions

We need a way to simplify pull from `quay.io/tinkerbell-actions`, the
location for the reusable actions we release.

https://artifacthub.io/packages/search?kind=4

All the images are proxies via an internal registry. This commit
configures it to look at the images hosted in
`quay.io/tinkerbell-actions` when there is not one in the internal
registry and it proxies.

For example:

    $ docker pull 192.168.1.1/tinkerbell-actions/rootio:v1.0.0

    v1.0.0: Pulling from tinkerbell-actions/rootio
    b5b0f03f0cb8: Pull complete
    48742f086697: Pull complete
    06d27b65800a: Pull complete
    3281556401c6: Pull complete
    b94e835dc9fd: Pull complete
    Digest: sha256:ec9855556388a690cad2535cf813f69cffa6df24476aedb16b3cdfc0d809492c
    Status: Downloaded newer image for 192.168.1.1/tinkerbell-actions/rootio:v1.0.0
    192.168.1.1/tinkerbell-actions/rootio:v1.0.0

Signed-off-by: Gianluca Arbezzano <gianarb92@gmail.com>

CODEOWNERS

@@ -0,0 +1,6 @@
+# These owners will be the default owners for everything in
+# the repo. Unless a later match takes precedence,
+# @global-owner1 and @global-owner2 will be requested for
+# review when someone opens a pull request.
+
+*       @gauravgahlot @gianarb

CONTRIBUTING.md

@@ -1,45 +0,0 @@
-## Hello Contributors!
-
-Thanks for your interest!
-We're so glad you're here.
-
-### Important Resources
-
-#### bugs: [https://github.com/tinkerbell/sandbox/issues](https://github.com/tinkerbell/sandbox/issues)
-
-### Code of Conduct
-
-Please read and understand the code of conduct found [here](https://github.com/tinkerbell/.github/blob/master/CODE_OF_CONDUCT.md).
-
-### DCO Sign Off
-
-Please read and understand the DCO found [here](docs/DCO.md).
-
-### Environment Details
-
-Building is handled by `make`, please see the [Makefile](Makefile) for available targets.
-
-#### Nix
-
-This repo's build environment can be reproduced using `nix`.
-
-##### Install Nix
-
-Follow the [Nix installation](https://nixos.org/download.html) guide to setup Nix on your box.
-
-##### Load Dependencies
-
-Loading build dependencies is as simple as running `nix-shell` or using [lorri](https://github.com/nix-community/lorri).
-If you have `direnv` installed the included `.envrc` will make that step automatic.
-
-### How to Submit Change Requests
-
-Please submit change requests and / or features via [Issues](https://github.com/tinkerbell/sandbox/issues).
-There's no guarantee it'll be changed, but you never know until you try.
-We'll try to add comments as soon as possible, though.
-
-### How to Report a Bug
-
-Bugs are problems in code, in the functionality of an application or in its UI design; you can submit them through [Issues](https://github.com/tinkerbell/sandbox/issues).
-
-## Code Style Guides

cmd/bump-version/main.go

@@ -59,7 +59,7 @@ const headerFile = `#!/bin/bash
 
 # This file is generated by an utility called bump-version in
 # tinkerbell/sandbox.
-# This file gets used from generate-env.sh but it is also used standalone by
+# This file gets used from generate-envrc.sh but it is also used standalone by
 # automation that wants to get the version of the programs currently supported
 # in sandbox
 

current_versions.sh

@@ -2,7 +2,7 @@
 
 # This file is generated by an utility called bump-version in
 # tinkerbell/sandbox.
-# This file gets used from generate-env.sh but it is also used standalone by
+# This file gets used from generate-envrc.sh but it is also used standalone by
 # automation that wants to get the version of the programs currently supported
 # in sandbox
 

deploy/registry/Dockerfile

@@ -4,4 +4,5 @@ ARG REGISTRY_USERNAME
 ARG REGISTRY_PASSWORD
 RUN mkdir -p /certs /auth
 RUN htpasswd -Bbn ${REGISTRY_USERNAME} ${REGISTRY_PASSWORD} > /auth/htpasswd
+ADD config.yml /etc/docker/registry/config.yml
 EXPOSE 443

deploy/registry/config.yml

@@ -0,0 +1,22 @@
+version: 0.1
+proxy:
+  remoteurl: https://quay.io/tinkerbell-actions
+log:
+  accesslog:
+    disabled: true
+  fields:
+    service: registry
+storage:
+  cache:
+    blobdescriptor: inmemory
+  filesystem:
+    rootdirectory: /var/lib/registry
+http:
+  addr: :5000
+  headers:
+    X-Content-Type-Options: [nosniff]
+health:
+  storagedriver:
+    enabled: true
+    interval: 10s
+    threshold: 3

deploy/terraform/main.tf

@@ -57,8 +57,8 @@ resource "null_resource" "tink_directory" {
   }
 
   provisioner "file" {
-    source      = "../../generate-env.sh"
-    destination = "/root/tink/generate-env.sh"
+    source      = "../../generate-envrc.sh"
+    destination = "/root/tink/generate-envrc.sh"
   }
 
   provisioner "file" {
@@ -71,9 +71,12 @@ resource "null_resource" "tink_directory" {
     destination = "/root/tink"
   }
 
-  provisioner "file" {
-    source      = "nat_interface"
-    destination = "/root/tink/.nat_interface"
+  provisioner "remote-exec" {
+    inline = [
+      "iptables -A FORWARD -i eth1 -o bond0 -j ACCEPT",
+      "iptables -A FORWARD -i bond0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT",
+      "iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE",
+    ]
   }
 
   provisioner "remote-exec" {

deploy/terraform/nat_interface

@@ -1 +0,0 @@
-bond0

deploy/vagrant/Vagrantfile

@@ -26,7 +26,7 @@ Vagrant.configure('2') do |config|
 
   config.vm.define :provisioner do |provisioner|
     provisioner.vm.box = "tinkerbelloss/sandbox-ubuntu1804"
-    provisioner.vm.box_version = "0.2.0"
+    provisioner.vm.box_version = "0.1.0"
     provisioner.vm.hostname = 'provisioner'
     provisioner.vm.synced_folder './../../', '/vagrant'
     provisioner.vm.provision :shell,

deploy/vagrant/basebox/ubuntu1804/provision.sh

@@ -9,8 +9,7 @@ setup_docker() (
 		ca-certificates \
 		curl \
 		gnupg-agent \
-		software-properties-common \
-		;
+		software-properties-common
 
 	curl -fsSL https://download.docker.com/linux/ubuntu/gpg |
 		sudo apt-key add -
@@ -23,24 +22,16 @@ setup_docker() (
 	sudo add-apt-repository "$repo"
 
 	sudo apt-get update
-	sudo apt-get install -y \
-		containerd.io \
-		docker-ce \
-		docker-ce-cli \
-		;
+	sudo apt-get install -y docker-ce docker-ce-cli containerd.io
 )
 
-# from https://docs.docker.com/compose/install/
 setup_docker_compose() (
-	local name url
-	name=docker-compose-$(uname -s)-$(uname -m)
-	url=https://github.com/docker/compose/releases/download/1.26.0/$name
-	curl -fsSLO "$url"
-	curl -fsSLO "$url.sha256"
-	sha256sum -c <"$name.sha256"
-	rm -f "$name.sha256"
-	chmod +x "$name"
-	sudo mv "$name" /usr/local/bin/docker-compose
+	# from https://docs.docker.com/compose/install/
+	sudo curl -L \
+		"https://github.com/docker/compose/releases/download/1.26.0/docker-compose-$(uname -s)-$(uname -m)" \
+		-o /usr/local/bin/docker-compose
+
+	sudo chmod +x /usr/local/bin/docker-compose
 )
 
 main() (
@@ -54,4 +45,3 @@ main() (
 )
 
 main
-sync # do not remove!

deploy/vagrant/scripts/tinkerbell.sh

@@ -34,12 +34,12 @@ setup_nat() (
 main() (
 	export DEBIAN_FRONTEND=noninteractive
 
-	if ! [[ -f ./.env ]]; then
-		./generate-env.sh eth1 >.env
+	if [ ! -f ./.env ]; then
+		./generate-envrc.sh eth1 >.env
 	fi
 
 	# shellcheck disable=SC1091
-	source ./.env
+	. ./.env
 
 	make_certs_writable
 
@@ -51,9 +51,6 @@ main() (
 
 	secure_certs
 	configure_vagrant_user
-
-	set +x # don't want the stderr output from xtrace messing with the post-setup-message
-	[[ -f /tmp/post-setup-message ]] && cat /tmp/post-setup-message
 )
 
 main

docs/DCO.md

@@ -1,62 +0,0 @@
-# DCO Sign Off
-
-All authors to the project retain copyright to their work. However, to ensure
-that they are only submitting work that they have rights to, we are requiring
-everyone to acknowledge this by signing their work.
-
-Since this signature indicates your rights to the contribution and
-certifies the statements below, it must contain your real name and
-email address. Various forms of noreply email address must not be used.
-
-Any copyright notices in this repository should specify the authors as "The
-project authors".
-
-To sign your work, just add a line like this at the end of your commit message:
-
-```text
-Signed-off-by: Jess Owens <jowens@tinkerbell.org>
-```
-
-This can easily be done with the `--signoff` option to `git commit`.
-
-By doing this you state that you can certify the following (from [https://developercertificate.org/][1]):
-
-```text
-Developer Certificate of Origin
-Version 1.1
-
-Copyright (C) 2004, 2006 The Linux Foundation and its contributors.
-1 Letterman Drive
-Suite D4700
-San Francisco, CA, 94129
-
-Everyone is permitted to copy and distribute verbatim copies of this
-license document, but changing it is not allowed.
-
-
-Developer's Certificate of Origin 1.1
-
-By making a contribution to this project, I certify that:
-
-(a) The contribution was created in whole or in part by me and I
-    have the right to submit it under the open source license
-    indicated in the file; or
-
-(b) The contribution is based upon previous work that, to the best
-    of my knowledge, is covered under an appropriate open source
-    license and I have the right under that license to submit that
-    work with modifications, whether created in whole or in part
-    by me, under the same open source license (unless I am
-    permitted to submit under a different license), as indicated
-    in the file; or
-
-(c) The contribution was provided directly to me by some other
-    person who certified (a), (b) or (c) and I have not modified
-    it.
-
-(d) I understand and agree that this project and the contribution
-    are public and that a record of the contribution (including all
-    personal information I submit with it, including my sign-off) is
-    maintained indefinitely and may be redistributed consistent with
-    this project or the open source license(s) involved.
-```

generate-env.sh

@@ -1,110 +0,0 @@
-#!/usr/bin/env bash
-
-# stops the execution if a command or pipeline has an error
-set -eu
-
-if command -v tput >/dev/null && tput setaf 1 >/dev/null 2>&1; then
-	# color codes
-	RED="$(tput setaf 1)"
-	RESET="$(tput sgr0)"
-fi
-
-ERR="${RED:-}ERROR:${RESET:-}"
-
-source ./current_versions.sh
-
-err() (
-	if [[ -z ${1:-} ]]; then
-		cat >&2
-	else
-		echo "$ERR " "$@" >&2
-	fi
-)
-
-candidate_interfaces() (
-	ip -o link show |
-		awk -F': ' '{print $2}' |
-		sed 's/[ \t].*//;/^\(lo\|bond0\|\|\)$/d' |
-		sort
-)
-
-validate_tinkerbell_network_interface() (
-	local tink_interface=$1
-
-	if ! candidate_interfaces | grep -q "^$tink_interface$"; then
-		err "Invalid interface ($tink_interface) selected, must be one of:"
-		candidate_interfaces | err
-		return 1
-	else
-		return 0
-	fi
-)
-
-generate_password() (
-	head -c 12 /dev/urandom | sha256sum | cut -d' ' -f1
-)
-
-generate_env() (
-	local tink_interface=$1
-
-	validate_tinkerbell_network_interface "$tink_interface"
-
-	local tink_password
-	tink_password=$(generate_password)
-	local registry_password
-	registry_password=$(generate_password)
-
-	cat <<-EOF
-		# Tinkerbell Stack version
-
-		export OSIE_DOWNLOAD_LINK=${OSIE_DOWNLOAD_LINK}
-		export TINKERBELL_TINK_SERVER_IMAGE=${TINKERBELL_TINK_SERVER_IMAGE}
-		export TINKERBELL_TINK_CLI_IMAGE=${TINKERBELL_TINK_CLI_IMAGE}
-		export TINKERBELL_TINK_BOOTS_IMAGE=${TINKERBELL_TINK_BOOTS_IMAGE}
-		export TINKERBELL_TINK_HEGEL_IMAGE=${TINKERBELL_TINK_HEGEL_IMAGE}
-		export TINKERBELL_TINK_WORKER_IMAGE=${TINKERBELL_TINK_WORKER_IMAGE}
-
-		# Network interface for Tinkerbell's network
-		export TINKERBELL_NETWORK_INTERFACE="$tink_interface"
-
-		# Decide on a subnet for provisioning. Tinkerbell should "own" this
-		# network space. Its subnet should be just large enough to be able
-		# to provision your hardware.
-		export TINKERBELL_CIDR=${TINKERBELL_CIDR:-"29"}
-
-		# Host IP is used by provisioner to expose different services such as
-		# tink, boots, etc.
-		#
-		# The host IP should the first IP in the range, and the Nginx IP
-		# should be the second address.
-		export TINKERBELL_HOST_IP=${TINKERBELL_HOST_IP:-"192.168.1.1"}
-
-		# Tink server username and password
-		export TINKERBELL_TINK_USERNAME=admin
-		export TINKERBELL_TINK_PASSWORD="$tink_password"
-
-		# Docker Registry's username and password
-		export TINKERBELL_REGISTRY_USERNAME=admin
-		export TINKERBELL_REGISTRY_PASSWORD="$registry_password"
-
-		# Tink cli options
-		export TINKERBELL_GRPC_AUTHORITY=${TINKERBELL_HOST_IP:-"192.168.1.1"}:42113
-		export TINKERBELL_CERT_URL=http://${TINKERBELL_HOST_IP:-"192.168.1.1"}:42114/cert
-
-		# Legacy options, to be deleted:
-		export FACILITY=onprem
-		export ROLLBAR_TOKEN=ignored
-		export ROLLBAR_DISABLE=1
-	EOF
-)
-
-main() (
-	if [[ -z ${1:-} ]]; then
-		err "Usage: $0 network-interface-name > .env"
-		exit 1
-	fi
-
-	generate_env "$1"
-)
-
-main "$@"

generate-envrc.sh

@@ -0,0 +1,105 @@
+#!/usr/bin/env bash
+
+# stops the execution if a command or pipeline has an error
+set -eu
+
+if command -v tput >/dev/null && tput setaf 1 >/dev/null 2>&1; then
+	# color codes
+	RED="$(tput setaf 1)"
+	RESET="$(tput sgr0)"
+fi
+
+ERR="${RED:-}ERROR:${RESET:-}"
+
+source ./current_versions.sh
+
+err() (
+	if [ -z "${1:-}" ]; then
+		cat >&2
+	else
+		echo "$ERR " "$@" >&2
+	fi
+)
+
+candidate_interfaces() (
+	ip -o link show |
+		awk -F': ' '{print $2}' |
+		sed 's/[ \t].*//;/^\(lo\|bond0\|\|\)$/d' |
+		sort
+)
+
+validate_tinkerbell_network_interface() (
+	local tink_interface=$1
+
+	if ! candidate_interfaces | grep -q "^$tink_interface$"; then
+		err "Invalid interface ($tink_interface) selected, must be one of:"
+		candidate_interfaces | err
+		return 1
+	else
+		return 0
+	fi
+)
+
+generate_password() (
+	head -c 12 /dev/urandom | sha256sum | cut -d' ' -f1
+)
+
+generate_envrc() (
+	local tink_interface=$1
+
+	validate_tinkerbell_network_interface "$tink_interface"
+
+	local tink_password
+	tink_password=$(generate_password)
+	local registry_password
+	registry_password=$(generate_password)
+	cat <<EOF
+# Tinkerbell Stack version
+
+export OSIE_DOWNLOAD_LINK=${OSIE_DOWNLOAD_LINK}
+export TINKERBELL_TINK_SERVER_IMAGE=${TINKERBELL_TINK_SERVER_IMAGE}
+export TINKERBELL_TINK_CLI_IMAGE=${TINKERBELL_TINK_CLI_IMAGE}
+export TINKERBELL_TINK_BOOTS_IMAGE=${TINKERBELL_TINK_BOOTS_IMAGE}
+export TINKERBELL_TINK_HEGEL_IMAGE=${TINKERBELL_TINK_HEGEL_IMAGE}
+export TINKERBELL_TINK_WORKER_IMAGE=${TINKERBELL_TINK_WORKER_IMAGE}
+
+# Network interface for Tinkerbell's network
+export TINKERBELL_NETWORK_INTERFACE="$tink_interface"
+
+# Decide on a subnet for provisioning. Tinkerbell should "own" this
+# network space. Its subnet should be just large enough to be able
+# to provision your hardware.
+export TINKERBELL_CIDR=29
+
+# Host IP is used by provisioner to expose different services such as
+# tink, boots, etc.
+#
+# The host IP should the first IP in the range, and the Nginx IP
+# should be the second address.
+export TINKERBELL_HOST_IP=192.168.1.1
+
+# Tink server username and password
+export TINKERBELL_TINK_USERNAME=admin
+export TINKERBELL_TINK_PASSWORD="$tink_password"
+
+# Docker Registry's username and password
+export TINKERBELL_REGISTRY_USERNAME=admin
+export TINKERBELL_REGISTRY_PASSWORD="$registry_password"
+
+# Legacy options, to be deleted:
+export FACILITY=onprem
+export ROLLBAR_TOKEN=ignored
+export ROLLBAR_DISABLE=1
+EOF
+)
+
+main() (
+	if [ -z "${1:-}" ]; then
+		err "Usage: $0 network-interface-name > .env"
+		exit 1
+	fi
+
+	generate_envrc "$1"
+)
+
+main "$@"

setup.sh

@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 
 # stops the execution if a command or pipeline has an error
-set -euxo pipefail
+set -eu
 
 # Tinkerbell stack Linux setup script
 #
@@ -38,7 +38,7 @@ NEXT="${GREEN:-}NEXT:${RESET:-}"
 get_distribution() (
 	local lsb_dist=""
 	# Every system that we officially support has /etc/os-release
-	if [[ -r /etc/os-release ]]; then
+	if [ -r /etc/os-release ]; then
 		# shellcheck disable=SC1091
 		lsb_dist="$(. /etc/os-release && echo "$ID")"
 	fi
@@ -50,7 +50,7 @@ get_distribution() (
 get_distro_version() (
 	local lsb_version="0"
 	# Every system that we officially support has /etc/os-release
-	if [[ -r /etc/os-release ]]; then
+	if [ -r /etc/os-release ]; then
 		# shellcheck disable=SC1091
 		lsb_version="$(. /etc/os-release && echo "$VERSION_ID")"
 	fi
@@ -110,18 +110,6 @@ setup_networking() (
 	else
 		echo "$ERR tinkerbell network interface configuration failed"
 	fi
-
-	NAT_INTERFACE=""
-	if [[ -r .nat_interface ]]; then
-		NAT_INTERFACE=$(cat .nat_interface)
-	fi
-	if [[ -n $NAT_INTERFACE ]] && ip addr show "$NAT_INTERFACE" &>/dev/null; then
-		# TODO(nshalman) the terraform code would just run these commands as-is once
-		# but it would be nice to make these more persistent based on OS
-		iptables -A FORWARD -i "$TINKERBELL_NETWORK_INTERFACE" -o "$NAT_INTERFACE" -j ACCEPT
-		iptables -A FORWARD -i "$NAT_INTERFACE" -o "$TINKERBELL_NETWORK_INTERFACE" -m state --state ESTABLISHED,RELATED -j ACCEPT
-		iptables -t nat -A POSTROUTING -o "$NAT_INTERFACE" -j MASQUERADE
-	fi
 )
 
 setup_networking_manually() (
@@ -135,10 +123,10 @@ setup_networking_manually() (
 
 setup_network_forwarding() (
 	# enable IP forwarding for docker
-	if (($(sysctl -n net.ipv4.ip_forward) != 1)); then
-		if [[ -d /etc/sysctl.d ]]; then
+	if [ "$(sysctl -n net.ipv4.ip_forward)" != "1" ]; then
+		if [ -d /etc/sysctl.d ]; then
 			echo "net.ipv4.ip_forward=1" >/etc/sysctl.d/99-tinkerbell.conf
-		elif [[ -f /etc/sysctl.conf ]]; then
+		elif [ -f /etc/sysctl.conf ]; then
 			echo "net.ipv4.ip_forward=1" >>/etc/sysctl.conf
 		fi
 
@@ -171,7 +159,7 @@ setup_networking_netplan() (
 )
 
 setup_networking_ubuntu_legacy() (
-	if ! [[ -f /etc/network/interfaces ]]; then
+	if [ ! -f /etc/network/interfaces ]; then
 		echo "$ERR file /etc/network/interfaces not found"
 		exit 1
 	fi
@@ -224,7 +212,7 @@ EOF
 
 	local cfgfile="/etc/sysconfig/network-scripts/ifcfg-$TINKERBELL_NETWORK_INTERFACE"
 
-	if [[ -f $cfgfile ]]; then
+	if [ -f "$cfgfile" ]; then
 		echo "$ERR network config already exists: $cfgfile"
 		echo "$BLANK Please update it to match this configuration:"
 		echo "$content"
@@ -245,12 +233,12 @@ setup_osie() (
 
 	local osie_current=$STATEDIR/webroot/misc/osie/current
 	local tink_workflow=$STATEDIR/webroot/workflow/
-	if [[ ! -d $osie_current ]] || [[ ! -d $tink_workflow ]]; then
+	if [ ! -d "$osie_current" ] || [ ! -d "$tink_workflow" ]; then
 		mkdir -p "$osie_current"
 		mkdir -p "$tink_workflow"
 		pushd "$SCRATCH"
 
-		if [[ -z ${TB_OSIE_TAR:-} ]]; then
+		if [ -z "${TB_OSIE_TAR:-}" ]; then
 			curl "${OSIE_DOWNLOAD_LINK}" -o ./osie.tar.gz
 			tar -zxf osie.tar.gz
 		else
@@ -305,7 +293,7 @@ check_container_status() (
 		--filter "event=health_status" \
 		--format '{{.Status}}')
 
-	if [[ $status != "health_status: healthy" ]]; then
+	if [ "$status" != "health_status: healthy" ]; then
 		echo "$ERR $container_name is not healthy. status: $status"
 		exit 1
 	fi
@@ -314,7 +302,7 @@ check_container_status() (
 generate_certificates() (
 	mkdir -p "$STATEDIR/certs"
 
-	if ! [[ -f "$STATEDIR/certs/ca.json" ]]; then
+	if [ ! -f "$STATEDIR/certs/ca.json" ]; then
 		jq \
 			'.
 			 | .names[0].L = $facility
@@ -325,7 +313,7 @@ generate_certificates() (
 			>"$STATEDIR/certs/ca.json"
 	fi
 
-	if ! [[ -f "$STATEDIR/certs/server-csr.json" ]]; then
+	if [ ! -f "$STATEDIR/certs/server-csr.json" ]; then
 		jq \
 			'.
 			| .hosts += [ $ip, "tinkerbell.\($facility).packet.net" ]
@@ -347,13 +335,13 @@ generate_certificates() (
 	local certs_dir="/etc/docker/certs.d/$TINKERBELL_HOST_IP"
 
 	# copy public key to NGINX for workers
-	if ! cmp --quiet "$STATEDIR/certs/ca.pem" "$STATEDIR/webroot/workflow/ca.pem"; then
-		cp "$STATEDIR/certs/ca.pem" "$STATEDIR/webroot/workflow/ca.pem"
+	if ! cmp --quiet "$STATEDIR"/certs/ca.pem "$STATEDIR/webroot/workflow/ca.pem"; then
+		cp "$STATEDIR"/certs/ca.pem "$STATEDIR/webroot/workflow/ca.pem"
 	fi
 
 	# update host to trust registry certificate
 	if ! cmp --quiet "$STATEDIR/certs/ca.pem" "$certs_dir/tinkerbell.crt"; then
-		if ! [[ -d "$certs_dir/" ]]; then
+		if [ ! -d "$certs_dir/tinkerbell.crt" ]; then
 			# The user will be told to create the directory
 			# in the next block, if copying the certs there
 			# fails.
@@ -363,7 +351,7 @@ generate_certificates() (
 			echo "$ERR please copy $STATEDIR/certs/ca.pem to $certs_dir/tinkerbell.crt"
 			echo "$BLANK and run $0 again:"
 
-			if ! [[ -d $certs_dir ]]; then
+			if [ ! -d "$certs_dir" ]; then
 				echo "sudo mkdir -p '$certs_dir'"
 			fi
 			echo "sudo cp '$STATEDIR/certs/ca.pem' '$certs_dir/tinkerbell.crt'"
@@ -406,7 +394,7 @@ bootstrap_docker_registry() (
 
 setup_docker_registry() (
 	local registry_images="$STATEDIR/registry"
-	if ! [[ -d $registry_images ]]; then
+	if [ ! -d "$registry_images" ]; then
 		mkdir -p "$registry_images"
 	fi
 	start_registry
@@ -427,15 +415,13 @@ command_exists() (
 )
 
 check_command() (
-	if ! command_exists "$1"; then
-		echo "$ERR Prerequisite executable command not found: $1"
-		return 1
-	fi
-	if ! [[ -s "$(which "$1")" ]]; then
-		echo "$ERR Prerequisite command is an empty file: $1"
-	fi
+	if command_exists "$1"; then
 		echo "$BLANK Found prerequisite: $1"
 		return 0
+	else
+		echo "$ERR Prerequisite command not installed: $1"
+		return 1
+	fi
 )
 
 check_prerequisites() (
@@ -471,15 +457,15 @@ check_prerequisites() (
 		;;
 	esac
 
-	if ((failed == 1)); then
+	if [ $failed -eq 1 ]; then
 		echo "$ERR Prerequisites not met. Please install the missing commands and re-run $0."
 		exit 1
 	fi
 )
 
 whats_next() (
-	echo "$NEXT  1. Enter /deploy and run: source ../.env; docker-compose up -d"
-	echo "$BLANK 2. Try executing your first workflow."
+	echo "$NEXT  1. Enter /vagrant/deploy and run: source ../.env; docker-compose up -d"
+	echo "$BLANK 2. Try executing your fist workflow."
 	echo "$BLANK    Follow the steps described in https://tinkerbell.org/examples/hello-world/ to say 'Hello World!' with a workflow."
 )
 
@@ -491,23 +477,21 @@ do_setup() (
 	echo "$INFO starting tinkerbell stack setup"
 	check_prerequisites "$lsb_dist" "$lsb_version"
 
-	if ! [[ -f $ENV_FILE ]]; then
-		echo "$ERR Run './generate-env.sh network-interface > \"$ENV_FILE\"' before continuing."
+	if [ ! -f "$ENV_FILE" ]; then
+		echo "$ERR Run './generate-envrc.sh network-interface > \"$ENV_FILE\"' before continuing."
 		exit 1
 	fi
 
 	# shellcheck disable=SC1090
 	source "$ENV_FILE"
 
-	if [[ -z $TINKERBELL_SKIP_NETWORKING ]]; then
 	setup_networking "$lsb_dist" "$lsb_version"
-	fi
 	setup_osie
 	generate_certificates
 	setup_docker_registry
 
 	echo "$INFO tinkerbell stack setup completed successfully on $lsb_dist server"
-	whats_next | tee /tmp/post-setup-message
+	whats_next
 )
 
 # wrapped up in a function so that we have some protection against only getting

shell.nix

@@ -14,5 +14,5 @@ in
 with pkgs;
 
 mkShell {
-  buildInputs = [ go nodePackages.prettier jq shellcheck shfmt terraform_0_14 gpgme packer vagrant ];
+  buildInputs = [ go nodePackages.prettier shellcheck shfmt terraform_0_14 gpgme packer vagrant ];
 }